The future of hosted wallets and P2P
I’m going to go out on a limb and make a prediction. The eventual hosted wallets of the future will likely have an offline-capable cash mode that can do person to person P2P.
I am not a Bitcoin expert. Like all my articles this is pure speculation and an exercise at thinking through an idea well enough to put it in written form. It is also entirely possible that it is a complete miss and will never eventuate. Do not ask any wallet you use for an “offline-capable cash mode” based on this article — they definitely have better things to at this time!
The person paying does not need to be online
You want to know a form of P2P payment that worked. Cheques. You could write a cheque on the spot and give it to someone and consider something paid. I still see references to businesses that take them every so often, even though I haven’t had a cheque book for decades. Another form of P2P payment is of course cash. If you say your new form of payment is like cash, it really isn’t unless you can do offline payments.
Bitcoin solves this in creating a true peer environment. P2P is not about nodes nor mining. P2P is person to person. Your peer is the other party to the exchange. Ideally, the use of IP-2-IP would allow this or even a direct exchange from the client to the merchant. — Craig Wright, Bitcoin’s Privacy Model.
Recently there was a conference in Dubai. One of the interesting things about Dubai is that their taxi drivers have to support contact-less payments, and if their machine is down you do not have to pay. The online forums where foreigners explain this system of course point out that the driver probably has to take the hit — so they go somewhere and take out cash to pay them.
You guessed it. My co-developer of ElectrumSV and I were in a taxi and the payment system did not work. I had to go into the hotel and find the cash machine and then wait for some dude to make several consecutive withdrawals 🤔to finally make one myself. Then I had to race up and give the driver the cash, while the hotel staff were in the meantime trying to get him to leave.
Modern technology is just not reliable. Every day something happens to someone I interact with where I have to refrain from sighing and lamenting about “modern technology”. Let’s not even get started on “first world countries” that have brown outs or power restrictions! The power here also goes out several times a year due to wind or rain, even in towns and cities. A local ISP that provides connectivity to rural businesses even sends out warnings about ice or snow on solar panels powering their equipment.
Cash makes sense
My prediction is that the most used hosted wallets will have a “cash” balance prominent in their application, which the user has chosen the level of and can use to pay even if they do not have an internet connection. You can do this in a basic sense with ElectrumSV now although you would have to carry around your laptop. You could maybe do this also in a basic sense with SimplyCash and a few others. Existing unhosted wallets are similar, but not even they really qualify yet.
The person sending the transaction never even needs to be online. They do not require a node, nor even an IP address. Using NFC, they can log in, download the headers, and update their change address at a later time (or even have this key on a completely separate system). — Craig Wright, Bitcoin’s Privacy Model.
There is an endless amount of work to do. A good starting point is routing all payments through your server (perhaps in the following way) and having a reduced scope:
The next step might be the following if you want to be the cash of the future:
As a user your mobile wallet app should have authoritative control of enough confirmed UTXOs in various denominations that it can spend without a network connection. In the above image, Alice has synchronised her “cash” coins from her hosted wallet and runs into Bob and pays him directly — peer to peer. No intermediaries. If her app can synchronise with her wallet service, it does at the earliest opportunity.
The business providing the hosted wallet you use keep the software and services updated and secure, and provide necessary assistance that enhance the experience and make life easier. They will provide you with worst case recovery assistance if your device gets stolen or tragically dropped in front of a steamroller or any comparable situation. But maybe we just keep being okay but unhappy with losing some amount of “electronic cash” and you just pay for the worst case recovery if you happen to have large amounts on hand — but it is not clear how you would actually lose the cash if you even can.
As Alice pays Bob directly, the payment may be tagged for that worst case recovery with metadata, possibly identity proof will be invisibly exchanged or maybe Bob asks Alice for her physical ID and takes a copy if the value is large.
Maybe I am wrong, but if your hosted wallet does not have offline payment support and requires it’s server to be used for you to make a payment, maybe it won’t be the one people choose to use due to reported inconvenience. You probably won’t have large amounts loaded into your offline balance as a normal measure. You would probably opt to load a larger amount if you know you need it. Kind of like cash, really.
Merchants make their own decisions based on reasoning
Craig has addressed the concerns people have with double spent payments many many times over the years, and does it much better than I could. Let me list some quotes:
- “Fraud is fraud…. A double spend is larceny”, CSW, 2018–05–28, Metanet.ICU slack.
- “The risk of a DS is 100s of times less than a card fraud”, CSW, 2018–07–25, Metanet.ICU slack.
- “Crime — Fraud — Obtaining pecuniary advantage by deception — Worthless cheque presented in payment of debt — Whether ‘debt … evaded’ — Theft Act 1968 (c. 60), s. 16 (2) (2)”, CSW, 2019–08–24, Metanet.ICU slack.
The model that I understand Craig to have been talking about for years is as follows:
- The sender does not have to have an internet connection.
- Require confirmed coins (cue SPV), they existed but may be double spent.
- If the coins turn out to have been spent, it is fraud.
- If the transaction was valuable, then identity was provided.
- Otherwise, the merchant likely has an internet connection or some risk profile they have chosen that works for them to do business.
Let me restate the key part of this in case the implications are not clear. If the merchant does not accept the risk profile they have analysed in order to choose to accept offline payments, they will not accept them. They might have conditions that have to be met, including photographing you holding up your ID or who knows what. It is a choice they have thought through and made — you do not need to imagine problems with this. They have an incentive to adopt and adapt the same approaches other merchants use if they chose to do it.
This section is only interesting if you want to think about some technical stuff that occurred to me as I fleshed out this article.
One of the key APIs for developers is the ability to query spent outputs. If a hosted wallet has delegated offline spending of UTXOs to the user’s mobile app, then it has the outpoints that represent those outputs. It can find any broadcast transactions that spend them, and even know if they were spent. There are some gaps here in terms of if the merchant did or did not broadcast a transaction, and maybe some waiting period and additional heuristics that need to be applied here.